Phishing scams are one of the most common security challenges individuals and businesses face these days. Attackers are seeking to steal valuable data through any form of communication possible. Whether it’s gaining access to credit cards, passwords, or other sensitive information, hackers utilize email, social media, and phone calls to carry out their scams.
These attacks are now more common than ever. We saw a major influx of phishing scams during the height of the COVID-19 pandemic, where attackers attempted to exploit widespread remote marketing. The Federal Bureau of Investigation reported that it received more than 241,000 complaints about phishing attempts during 2020, an increase of about 126,000 complaints from the prior year.
It’s clear that hackers are making these attempts to compromise data, but how are they doing it? Check out this valuable guide on how to detect and avoid phishing scams, as well as how one might be carried out.
Company Impersonation
One of the most common types of phishing scams comes in the form of company impersonation. Attackers will impersonate your brand using an email address on a domain that looks similar to your company’s (example: “CompanyCEOName@YourCompanyName”). To avoid this form of phishing, verify any emails you’re unsure about with a supervisor, and don’t click on any suspicious links. Scammers can also include pop-up ads in their messages, so refrain from clicking these as well, even out of curiosity.
Email Phishing
Email phishing involves using a fake email address that resembles a legitimate one, whether it belongs to a person or a company, and includes key details about the target. Much as an authentic sales email would, hackers personalize their email with details including the receiver’s name, position, and more. They send out pitch emails and seek information about other employees to lure more victims into their trap. If you receive an email you suspect is coming from a fake company, research the name of the organization and confirm it is real by checking whether it has a website, social media, or other online presence. Also, check for misspellings, poorly crafted sentences, and other tell-tale signs that the email is probably not legitimate. Spam filters also work well in this situation and can weed out phony messages.
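The look-alike sender check described in the Company Impersonation and Email Phishing sections, as an added Python example that is not part of the original article. The trusted domain `example.com`, the substitution table, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumed values for illustration; replace with your own organization's data.
TRUSTED_DOMAIN = "example.com"
# Common substitutions used to make one domain look like another (assumed list).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case a domain and undo common look-alike substitutions."""
    domain = domain.lower().strip(".")
    for fake, real in CONFUSABLES.items():
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Return 'trusted', 'lookalike', or 'external' for a From header value."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return "external"
    domain = address.rsplit("@", 1)[1].lower()
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    # Not the trusted domain, yet it collapses onto it or sits within
    # two edits of it: treat as a likely impersonation.
    if edit_distance(normalize(domain), normalize(trusted)) <= 2:
        return "lookalike"
    # The trusted brand name embedded in a different domain.
    if trusted.split(".")[0] in normalize(domain):
        return "lookalike"
    return "external"
```

Messages classified as `lookalike` are the ones worth quarantining or verifying with the supposed sender before anyone acts on them.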
Account Takeover
This type of phishing scam is perhaps the most difficult to defend against. Email account takeover attacks occur when a scammer has acquired the email credentials of a company’s high-profile leadership. Once they’ve gained access to an executive or employee’s account, they target colleagues, team members, and even customers with the goal of attaining financial or sensitive information. If you receive a suspicious email, reach out to the owner of the account by phone call or text message and verify whether they actually sent the message.
In Closing
There are many methods attackers use in attempts to carry out their phishing scams. Thankfully, protecting your computer with security software, using filters on your email account, staying proactive and aware of who exactly is contacting you, setting automatic updates on your mobile device, utilizing -factor authorization on accounts, and more can keep you safe.
Need help with understanding how to detect and avoid phishing scams, or don’t have the time to keep your brand’s security up to par? Reach out to us today, and we’ll help you #DoA180.